I actually began the process of migrating my domains (willfe.com, willfe.net, and willfe.org) over to a different registrar that supports dynamic IP addresses in their DNS service last week, but because of a screwup at the current registrar (sigh … so nice of their “protected domain services” to “forget” to forward mail to me…) I had to cancel that transfer and start it again, but this time the confirmation mails actually arrived and so the move is officially in progress.
I’m told that the registrar switch doesn’t actually kill anything in DNS but I don’t completely trust this; it is entirely possible that the site, or mail to it, or the domain itself might temporarily vanish if something goes wonky. Because we live in a world occupied by humans, something is likely to go wonky.
Consider that fair warning that there might be an outage over the next couple of days.
Recently a Debian developer discovered that a change made (by Debian) in OpenSSL (the underlying toolkit that powers OpenSSH and OpenVPN, as well as providing a stable SSL system for open-source web servers) a couple years ago significantly reduced how much genuine “entropy” (randomness) was available at key creation time for users of the OpenSSL library. Oops.
The end result is that it is theoretically possible for an attacker to guess your private key with just a little bit of information from your system.
Ubuntu users already have updates waiting when they next check for updates, but there’s the additional step of re-creating your private keys too (and the requisite “installing them on your systems” step that follows) to be free of the impacts of this update. It’s actually pretty straightforward to do (and if you don’t know what the hell I’m talking about, you’re not affected anyway).
The relevant advisories are:
A handy little tool called ssh-copy-id is a wonderful little bit of shorthand to help install your key on new systems quickly. On a regular box where you’ve just got the one key, you can just copy it over with a single command:
$ ssh-copy-id username@host
You’ll be prompted for your normal login password for username@host, but after that the tool automatically installs your public key in the right place on the target and from then on you shouldn’t need to take any extra steps for it to all “just work.” It’s spiffy.
BTW, anybody who’s gotten a bit rusty on their care and feeding of ssh and needs a refresher on how to regenerate a key, just run
$ ssh-keygen
by itself for an RSA key (add “-t dsa” to get a DSA key).
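One caveat to the steps above, shown as an added example that is not part of the original post: ssh-copy-id appends the new public key to the remote authorized_keys file and leaves the old entry in place, so a key generated with the weakened OpenSSL still grants access until it is removed. The function names, sample key bodies and paths below are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: retire an old public key from an
# authorized_keys file once the replacement key has been installed.

# Tokens that mark the start of a key on an authorized_keys line.
KEYTYPE_RE='^(ssh-rsa|ssh-dss|ssh-ed25519|ecdsa-sha2-[a-z0-9]+)$'

# key_body FILE: print the base64 body of the first key in FILE, skipping any
# leading options field (from="...", command="...").
key_body() {
    awk -v re="$KEYTYPE_RE" '{
        for (i = 1; i < NF; i++)
            if ($i ~ re) { print $(i + 1); exit }
    }' "$1"
}

# retire_key AUTHORIZED_KEYS OLD_PUBKEY: rewrite AUTHORIZED_KEYS without any
# entry carrying the old key body, keep a .bak copy, print how many were dropped.
retire_key() {
    auth=$1
    old=$(key_body "$2")
    [ -n "$old" ] || { echo "no public key found in $2" >&2; return 2; }
    cp -p "$auth" "$auth.bak" || return 1
    tmp=$(mktemp "$auth.XXXXXX") || return 1
    dropped=$(awk -v re="$KEYTYPE_RE" -v old="$old" -v out="$tmp" '{
        hit = 0
        for (i = 1; i < NF; i++)
            if ($i ~ re && $(i + 1) == old) hit = 1
        if (hit) n++; else print > out
    } END { print n + 0 }' "$auth") || return 1
    chmod 600 "$tmp" && mv "$tmp" "$auth" || return 1
    echo "$dropped"
}

# Demo on constructed data: fake key bodies in a temporary directory.
demo=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAOLDKEY will@old' > "$demo/old.pub"
printf '%s\n' 'ssh-rsa AAAAOLDKEY will@old' \
    'from="192.0.2.10" ssh-rsa AAAAOLDKEY backup job' \
    'ssh-rsa AAAANEWKEY will@new' > "$demo/authorized_keys"
echo "entries removed: $(retire_key "$demo/authorized_keys" "$demo/old.pub")"
rm -rf "$demo"
```

Run it on each host only after confirming that a login with the new key works; the `.bak` copy still contains the old entry and should be deleted once the change is verified.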
To the nay-sayers out there whining that this is an “obvious demonstration” that open source isn’t as secure as it’s claimed, bullshit. This is exactly how open source is more secure — somebody noticed a problem and it was fixed and rolled out within hours, not days, weeks, or months like with a closed-source vendor. Also, there is no known exploit for this vulnerability. Finally, this was a Debian-only (Ubuntu is based on Debian, so it and any other Debian-variant Linux distribution was affected as well) goof, and wasn’t a problem with the original OpenSSL on which this package was based.
Microsoft thinks it has an “innovative” way to encourage people to use Windows XP (not Vista, amusingly enough) on all these sexy new ultra-portable, ultra-cheap laptop computers instead of Linux (which is what almost every manufacturer of these little machines has been using so far): license XP at a steep discount so long as manufacturers deliberately cripple the hardware.
In the coming days, I plan to document this arcane process a bit more clearly (though admittedly it didn’t ultimately take all that much fidgeting around to get it working — it turns out that when you assume features labeled “advanced” won’t work because even the basics aren’t working, you are sometimes wrong), but I made a series of really happy discoveries today regarding my HTC Excalibur (the “T-Mobile Dash” in the United States) and my laptop running Ubuntu 8.04:
Right now, synce-gnomevfs doesn’t seem to work (the damned binaries don’t seem to understand where to find each other):
will@prometheus:~$ synce-in-computer-folder install
Failed to open input file: '${prefix}/share/synce/synce-in-computer-folder.sh'.
(if I can get this piece fixed, it will mean the file browser (Nautilus) will let me skim around in the phone’s filesystem which will help sidestep the command-line “one file at a time” thing)
But this has got to just piss off somebody in Redmond, Washington something fierce — a Windows-based phone is cheerfully talking to and working with a “lowly” Linux box. Nyah, nyah! This was the last thing I “needed” Windows for (though the phone is capable of installing apps on its own, which made that issue much less itchy).
Right, sorry, my nearly-nonexistent readers, for the outage this afternoon/evening. I made one tiny little change in my server’s Apache configuration:
ServerName willfe.com
…which proceeded to completely piss it off for reasons I will likely never fully comprehend. I’d normally never admit that, but since changing the directive to read
ServerName willfe.org
totally fixed the problem, I am officially confused, and it made one of my eyeballs fall out.
Jumping on the bandwagon about 3 years too late (heh) I’ve installed the Pingback module into this Drupal site to enable Willfe.com to receive and send pingbacks. With a bit of luck the installation has actually gone right (it seems to have gone just fine) and things are running smoothly. This post is mostly just being made to test the thing and to provide the very first Pingback from Willfe.com — to the module author’s post about the module (very recursive, I know).
Edit: Heh. Figures. I broke something.
The module runs but reports an error (technically a “warning,” but the warning essentially says “sorry, buddy, this ain’t happening today!”) when it sends a pingback. I’ve asked the author for a whack from his clue-by-four for guidance.
Well, it sure didn’t take long for Dreamhost’s servers to buckle under the FastCGI-based “performance upgrades” on Willfe.com. Others have complained about it before, so I’ll just reiterate it here that sticking MySQL and the PHP front end on separate servers might sound like a good idea, but in effect it just really slows things down.
I’ve moved Willfe.com and the gallery to different hosting. I actually couldn’t move the gallery, and in fact I had to recreate it, which means graphics referenced in old posts are again broken until I find and update them. Sigh. Stuff should generally be much, much faster now, pretty much all the time. Unless a damned outage kills the box or the network.
Note: Spammers and such, beware — all the same anti-spamming and DoS stuff is still up and running, so don’t think a host switch means free rein to blast the site with comment spam.
This is the site’s 2,000th “node,” and barring a few management bits (categories, mostly), that means this is just about the two thousandth blog entry here on Willfe.com (gallery.willfe.com was also updated). Conveniently, this milestone comes as I successfully completed the arduous task of custom-building PHP for FastCGI on this DreamHost server, and to my surprise things actually are a decent amount faster. I haven’t managed to get APC (the caching beastie for PHP) working just yet, but should have that going shortly. Once that is working, things should go even faster.
Here’s to two thousand more posts on Willfe.com without a lawsuit! 
Update: After much futzing around, FastCGI is properly enabled now and brought APC along for the ride. Holy shit, things are much faster now. Go play around in the gallery; it’s enough to bring a tear to your eye.
With gas prices soaring past the $3.50 mark, it’s officially become “only use vehicle when absolutely necessary” time. Thanks to the generous loaning of a bicycle by a friend of mine, I’ve been enjoying a newfound enthusiasm for bicycling these past two weeks. Naturally, since I’m a bit of a geek, I had to “geek out” on the bike a little bit, and since I was going to be bicycling around at night on the trips home, a couple bits of safety equipment were needed. And nobody with a brain rides around without a bike lock these days either.
It’s actually transformed into a rather silly but remarkably effective means of transportation. The headlight (steady only) and taillight (steady or blinking in various patterns) both cost under $8 each and run on standard battery sizes (4 AA for the headlight and 2 AAA for the taillight), and both units cheerfully accept rechargeable batteries. They run seemingly forever on a charge, too, though I’ve played it safe and recharged them all at least once a week so far. The U-shaped bike lock was also pretty cheap, and so was the little computer I added to the handlebar — it shows stuff like current speed, average speed, elapsed time, distance, calories & fat burned, and so on.
I’m simultaneously impressed and annoyed with DreamHost (current home of Willfe.com). Their control panel is top-notch, their flexibility is astounding (as I’ll discuss further a bit on in this post, I’m even permitted to roll my own PHP builds and shove a cache like APC behind it), and on the whole performance has been pretty good for shared hosting.
But it’s still shared hosting. Shared hosting means my domain lives on the same physical server as a few hundred other accounts, and quite possibly a few thousand other domains. DreamHost separates MySQL from web servers, so the database sits on another machine (two points of failure, yay!). This is a good-in-theory kind of thing — in practice, if the web server slows down, my site slows down; if the database server slows down, my site (and every other site that uses that database server) slows down which ultimately slows the web server down.